Amendments to the Claims

This listing of claims replaces all prior versions, and listings, of claims in this application. 
Listing of Claims: 

1. (Currently Amended) A computer-implemented monitoring/intrusion detection system, 
comprising: 

a central loghost, 

at least one proxy loghost remote from the central loghost and in communication with the
central loghost over a network; and

at least one monitoring station, 

wherein the proxy loghost receives a plurality of log files from a plurality of resources 
operating on a the network, analyzes the log files for at least one of unexpected volume, 
unexpected patterns, or unexpected types of log files, and generates events in view of such 
analysis, 

wherein the central loghost is operable to receive the events generated by the proxy 
loghost through the network and generate an alert upon an analysis of the events, and 

wherein the monitoring station is caused to issue an alarm when the alert is generated. 

2. (Original) The system of claim 1, wherein the central loghost comprises a plurality 
modules operating in a Unix environment. 

3. (Original) The system of claim 1, further comprising a plurality of proxy loghosts, 
each one of the plurality being in communication with the central loghost. 

4. (Original) The system of claim 1, wherein the resources comprise at least one of an
operating system, application, firewall, router, switch and loadbalancer. 

5. (Original) The system of claim 1, wherein a plurality of events is required to cause the 
generation of an alert. 

6. (Original) The system of claim 1, wherein security management has access to both the 
proxy loghost and the central loghost. 

7. (Original) The system of claim 1, wherein the log files are received from a
network-based intrusion detection system.

8. (Original) The system of claim 1, wherein the log files are received from a host-based 
intrusion detection system. 

9. (Original) The system of claim 1, wherein the log files are archived on the proxy 
loghost and the events are archived on the central loghost. 

10. (Original) The system of claim 1, further comprising software adapters to convert one 
format of a log file to another format. 

11. (Original) The system of claim 1, further comprising a module for visualizing the log 
files received at the proxy loghost. 

12. (Currently Amended) A computer-implemented system for detecting intrusion into a
secure network, comprising: 

a plurality of proxy loghosts, each proxy loghost collecting log files that are generated by 
resources in a portion of the secure network, the plurality of loghosts generating events in 
response to the log files collected; and 

a central loghost remote from the plurality of proxy loghosts and in communication with 
the plurality of proxy loghosts over a network, the central loghost receiving at least one of (i) the
log files themselves and (ii) the events from the plurality of proxy loghosts, the central loghost 
analyzing the log files and the events to determine the necessity of generating an alert and an 
associated alarm to notify a security manager of a possible intrusion incident. 

13. (Original) The system of claim 12, wherein the central loghost comprises a plurality 
modules operating in a Unix environment. 

14. (Original) The system of claim 12, wherein the resources comprise at least one of an 
operating system, application, firewall, router, switch and loadbalancer. 

15. (Original) The system of claim 12, wherein a plurality of events is required to cause 
the generation of an alert. 

16. (Original) The system of claim 12, wherein security management has access to both 
the plurality of proxy loghosts and the central loghost. 



Serial No.: 10/670,298 Attorney's Docket No.: SRE0003-US 

Art Unit: 2135

Inventor: Andrea KLAES 

17. (Original) The system of claim 12, wherein the log files are received from a
network-based intrusion detection system.

18. (Original) The system of claim 12, wherein the log files are received from a
host-based intrusion detection system.

19. (Currently Amended) The system of claim 4- 12, wherein the log files are archived on 
the plurality of proxy loghosts and events are archived on the central loghost. 

20. (Original) The system of claim 12, further comprising software adapters to convert 
one format of a log file to another format. 

21. (Original) The system of claim 12, further comprising a module for visualizing the 
log files received at the proxy loghost. 

22. (Currently Amended) A method of monitoring a network, comprising:

receiving a plurality of log messages at a proxy loghost;

analyzing the log messages and determining whether, in the log files, there exists any 
anomalies or unusual patterns; 

generating an event in response to the anomalies or unusual patterns and forwarding the 
event over a network from the proxy loghost to a remote central loghost; 

monitoring the events at the central loghost and generating an alert in accordance with 
predetermined event analysis; and 

generating sounding an alarm communication in coordination with the alert, the alarm
being indicative of an unwanted incident in the network.

23. (Original) The method of claim 22, wherein the central loghost comprises a plurality 
modules operating in a Unix environment. 

24. (Original) The method of claim 22, wherein a plurality of proxy loghosts receive log
files.

25. (Original) The method of claim 22, wherein the log files are received from resources 
comprising at least one of an operating system, application, firewall, router, switch and 
loadbalancer. 

26. (Original) The method of claim 22, further comprising generating the alert only after 
a plurality events are received. 

27. (Original) The method of claim 22, further comprising remotely accessing, from a 
single location, both the proxy loghost and the central loghost. 

28. (Original) The method of claim 22, wherein the log files are received from a
network-based intrusion detection system.

29. (Original) The method of claim 22, wherein the log files are received from a
host-based intrusion detection system.

30. (Original) The method of claim 22, further comprising archiving the log files on the 
proxy loghost and archiving the event on the central loghost. 